Website defacements during the period 18-20 May 2018

Published on 2018-05-21

With the declaration of the National Remembrance Day on 18th May 2018, Sri Lanka CERT|CC was alerted to the fact that a number of Sri Lankan websites (.lk, .com & gov.lk) were defaced by separatist elements.

Sri Lanka CERT|CC with the help of ICTA and LGII alerted key personnel in Government Departments (Chief Innovation Officers) and given a "heads-up" through the following message:

"Since the Government of Sri Lanka declared 18th May 2018 as the National Remembrance Day, we at Sri Lanka CERT|CC would like to inform all the Government Agencies maintaining websites, about the risk of websites being compromised by terrorist activist groups. Sri Lanka CERT|CC has observed an increase in the number of website defacements during this particular time in the past. Accordingly, we would like to inform all responsible officers to be vigilant of the potential risk of Government Websites being compromised during this period."

Sri Lanka CERT|CC staff together with the other sector based CSIRT`s including TechCERT and FinCSIRT remained vigilant throughout the weekend. As a result, only 2 government websites (gov.lk) were partially defaced.

The Hackers were targeting vulnerable websites to publish their messages. So, they were able exploit some vulnerability/vulnerabilities in a couple of websites, as was seen. Although some news items stated that many websites were compromised, we have not seen such large numbers of compromised websites, and even the few that were compromised were restored back to normal.